Microsoft has gotten a fair amount of justified criticism for the myriad Windows and Internet Explorer vulnerabilities. But now the darling of the tech world, Google, is starting to take some heat as well.

The Google Desktop search tool, it was revealed soon after its release, could be used to ferret out secret information about someone who uses a public computer, including reading his private email. That’s because it indexes all Web pages visited by Internet Explorer, including secure Web sites. So if you visit a site like Hotmail on a public computer and read your private mail, other people who use Google Desktop on the same PC will be able to read your mail, unless certain settings are tweaked.

That was a relatively minor problem, and easily fixed by a simple setting change. The last few days, though, have seen more serious security problems arise. Rice University researchers found out that a flaw in Google Desktop could be used to let intruders on the Internet secretly read the contents of your hard drive. Google fixed the security hole, and has automatically updated Google Desktop on people’s PCs so that it’s no longer vulnerable. But even though it was fixed, security experts warn that other similar holes may eventually surface — and so the research firm Gartner has recommended the businesses not let their users install it.

Now it’s been revealed that malware writers are using the Google search site as a way to attack vulnerable Web sites.

Why point the finger at Google? To show that Microsoft’s security woes are not all of its own making. I’ve long said that one reason Microsoft software is targeted is simply because most people use its software. Now the same thing is happening to Google which is, in terms of popularity, practically the Microsoft of the Web.

So yes, it’s true that Microsoft has a way to go to securing Windows and Internet Explorer. (Its recent acquisition of spyware vendor Giant Software, though, shows that it’s taking the issue seriously.) But Google’s security problems show that to certain extent, security holes are part of the price tech companies pay for success.

What do you think about Google’s recent security problems?

Related link: http://marketing.openoffice.org/conference/regicon/

North American OpenOffice.org fans and users will no longer have to travel overseas to meet up with their peers. OpenOffice.org will have a half-day regional event at the Desktop Linux Summit (DLS) to be held in San Diego, California on 9-10-11 February 2005.

The first OpenOffice.org Regional Conference North America (OOo RegiCon North America) will be held on Wednesday, February 9, 2005, at the Del Mar Fairgrounds.

The OOo RegiCon gets the DLS underway at noon on February 9, with speakers on a variety of topics throughout the afternoon. We’ll be showcasing version 2 of OpenOffice.org, which is due for release in late March.

OOo RegiCon is hosted by the Desktop Linux Summit, being organized by Linspire, Inc. Registration for OOo RegiCon is included in the ticket for DLS. Early bird registration closes January 7, 2005.

The OpenOffice.org booth will be open for the full 2-1/2 days of DLS. Yours truly will be having fun as a booth attendant — come along and say hello! We’ll have CDs and other goodies to give away, and lots of information about the upcoming new release.

This Perl success story was submitted by Dietrich Schmitz. He shows us one more example of Perl’s flexibility and power.

Here in upstate New York, Syracuse, I work for the SUNY Upstate Medical University where I support an Outpatient Provider-based Claims and Patient Billing system.

With Federal Mandated HIPAA compliancy, there have been many hurdles we needed to cross to become compliant, including migrating our existing Practice Managment system. With exception to only a few Insurance Carriers, most are now receiving the HIPAA-compliant ANSI X12 837 claim format.

A few years ago, I wrote a project that created ASCII flat file export data which was used for import to a third-party software application to perform batch Eligibility and Service Authorizations to an Upstate Insurance carrier. This process was used by our contracted ‘back-office’ Billing service weekly and had been working very nicely. But with HIPAA mandates, the proprietary submission format was due to expire and all transactions, to become compliant, had to be formatted to X12 ANSI 270 and 278 specifications. To make the issue even more crucial, the carrier would not adjudicate an 837 claim without submitting the needed 278 Service Authorization.

Extensive research showed there were no vendors out there that supported this format and the targeted carrier in question for 278 batch submission. There were plenty of interactive websites vis-a-vis WebMD for performing ‘real-time’ (one-by-one) transactions–but not batch.

The process we had in place for the last three years handled on average about 2000-3000 transactions in batch weekly, so replacing it with a manual card-swipe device, or web-based individual transaction based method was unacceptable.

Thus, I decided to write an ‘In-House’ application and effectively became ‘the software vendor’.

Fortunately, Perl came to the rescue.

I have found many uses for this amazing language and this was the biggest project by far that I have written with it. From start to finish, it took over a year to complete, including pilot group testing.

Basically, the process works the same way in terms of steps taken by staff, but is interfaced in a different way.

The user processes their claim transactions that qualify for either an Eligibility request (270) or a Service Authorization (278) from an AIX shell menu interface I wrote.

The shell menu in turn spawns the Perl module I wrote (UT.pm) to create the output file formatted as X12 270 or 278. When the process finishes, it e-mails the user the output file along with a log report.

The user then drops the output file(s) to their local share and dials up an authentication server at the Insurance Carrier host site.

Once this step is performed, the ip address to an authorized FTP server is exposed, and the user then logs onto the FTP server with a login/password and ftps the batch transactions directly to the carrier–a 5 minute process.

The Perl script/modules I wrote for creation of output files reside on our host AIX system.
All of the queries that pull together the needed data elements from our Informix database are performed by Perl/DBI–a ‘beautiful thing’.

ANSI X12 (verses ANSI National Standard Format) is in terms of the specification variable length segments, using an asterisk (*) to delimit fields and a tilde (~) to terminate each segment. Fine. For years, National Standard Format worked fine for me with fixed length fields and fixed length records terminated by a carriage return/line feed pair (0D/0A Hex), but if that’s what they want, Perl can do it–thanks largely to its inheritance of key C functions like printf and sprintf.

Ok, so far so good, they’ve created their output files and ftp’d them off to the carrier from their client Windows PC. The carrier specifies they wait a minimum of two hours before dialing back into retrieve their corresponding ‘Responses’.

The ‘Response’ from the carrier gives the user the answer to either an Eligibility (270) inquiry transaction or a confirmation (approval) for a Service Authorization Request (278).

Then, the second big problem to solve was how best to parse back the (271 and 278 Response) files into a ‘Human Readable’ report format that a user could use to process the information from the carrier.

Well, Perl came to the rescue again.

But I must also give credit where credit is due. Two supporting modules from authors at CPAN were of ‘tremendous’ help and I thank them for their intellectual efforts. They are:

X12::Parser (http://search.cpan.org/dist/X12/lib/X12/Parser.pm)
Spreadsheet::WriteEXCEL (http://search.cpan.org/dist/Spreadsheet-WriteExcel/)

I installed to the office dial-up PCs the Windows-based ActiveState Perl interpreter (www.activestate.com) and installed the two above modules.

Cobbled together with a few DOS batch files and supporting perl scripts, the users retrieve back their response files and ‘drag drop’ them to an Icon which transparently invokes a perl script I wrote (x12toxls.pl) that parses back the response files into an EXCEL spreadsheet and automatically starts up the spreadsheet for viewing/printing.

Everything fell into place and I was able to meet the HIPAA-complaincy deadline and now have some 10 Hospital sub-specialties running in production mode now with X12 270/278–thanks to Perl.

It is ’so true’ that Perl ‘makes the simple things easy and the hard things possible’.

Thank you Larry Wall.

Dietrich Schmitz
Syracuse New York

Google may be the ultimate Web searcher, but when it comes to finding things on your computer, the just-released beta of MSN Desktop Search beats it hands-down.

That’s because Microsoft’s search tool has been built specifically to search through emails and documents, and so it lets you fine-tune your search in ways that Google doesn’t. So if you’re looking for a specific piece of email, for example, you can search by folder, by sender, by date, by size of file attachments, and more - and you can combine them all for exceedingly fine-tuned searches.

Additionally, MSN Desktop Search has an interface that lets you easily sort and resort your results, and lets you right-click on any result, and then take actions on the file from a pop-up menu - the same pop-up menu that appears when you right-click in Windows Explorer.

There are a lot of other nifty extras in it as well. It can sit as a box in your Taskbar for example, and when you want to do a search, type your search into the box, and results pop up, menu-style. Click on any result to get straight to the file or email.

Google’s search tool, on the other hand, uses the Web search paradigm. You can fine-tune it in ways you would when searching the Web, but not in ways you’d like to when looking for files or email on your hard disk. The interface is bare-bones Google, which is fine for the Web, but not suited for when you’re looking for files, and then working with them on your PC.

Don’t expect either of these search tools to change drastically. Google has applied the Web approach to searching and applied it to your computer. Microsoft instead applied what it knows about Windows, Outlook, and documents. And the winner, without a doubt, is Microsoft.

Which search tool do you think is better? Let me know.

Related link: http://www.csthota.com

So, how to get an address from any given postal code using MapPoint Web Service? There is no direct one-method call that can accomplish this; you have to combine two methods, FindPlace and GetLocationInfo from the FindServiceSoap class, to get the address of a zip code/postal code.

Here is a sample that shows how to do accomplish it:


private Address GetAddressFromZipCode(string zipCode)
{
Address address = null;
FindServiceSoap findService = new FindServiceSoap();
FindSpecification spec = new FindSpecification();
spec.DataSourceName = “MapPoint.NA”;
spec.InputPlace = zipCode;

spec.Options = new FindOptions();
findService.Credentials = new System.Net.NetworkCredential(myUserId, mySecurePassword);
FindResults findRes = findService.Find(spec);
if(findRes.NumberFound > 0)
{
LatLong ll = findRes.Results[0].FoundLocation.LatLong;
GetInfoOptions options = new GetInfoOptions();
options.IncludeAddresses = true;
options.IncludeAllEntityTypes = false;
Location[] locations = findService.GetLocationInfo(ll, “MapPoint.NA”, options);
foreach(Location location in locations)
{
if(location != null && location.Address != null)
{
address = location.Address;
break;
}
}
}
return address;
}


The GetInfoOptions here is important since that’s where we are requesting the addresses for returned locations and also limiting the SOAP response packet size. The IncludeAllEntityTypes is set to true by default and this causes too many location results to be returned. So, setting it to false is a good idea if you just want the city, state and country details from a zip code. For example, searching for address for zip code 98052 returned 15 locations when IncludeAllEntityTypes set to true and returned only 4 locations when set to false!

Now, do you have a better way of finding an address for any given postal code? Discuss it here!

Related link: http://www.csthota.com

Some of the MapPoint 2004 developers have asked me if there is a way to determine time zone of a location using MapPoint 2004. Well, there is no direct method that gives you time zone of a location but, using the ObjectsFromPoint method, you can determine time zone. The following code sample shows how:

string place = “Redmond, WA”;
//Find the locatoin first
MapPoint.FindResults findResults
= axMappointControl1.ActiveMap.FindResults(place);
if(findResults != null && findResults.Count > 0)
{
object index = 1;
MapPoint.Location location =
findResults.get_Item(ref index) as MapPoint.Location;
//Zoom into it
location.GoTo();
//Set low altitudes
axMappointControl1.ActiveMap.Altitude = 2;
//Now get points from the location
MapPoint.FindResults points
= axMappointControl1.ActiveMap.ObjectsFromPoint(
axMappointControl1.ActiveMap.LocationToX(location),
axMappointControl1.ActiveMap.LocationToY(location));
if(points != null && points.Count > 0)
{
for(int i=1;i<=points.Count;i++)
{
object index2 = i;
//Get location
MapPoint.Location loc
= points.get_Item(ref index2) as MapPoint.Location;

//Look for GMT in the name of the location
if(loc.Name.IndexOf("GMT") > 0)
{
MessageBox.Show(loc.Name);
break;
}
}
}


That’s it!

Now, this worked on MapPoint 2004 NA and I haven’t tested it on EU version. Do you know a better way of finding Time Zone from a given location using MapPoint 2004? Discuss it here!

Several years ago, Sun Microsystem’s CEO Scott McNealu raised the hackles of privacy advocates everywhere, when he said of the lack of privacy on the Internet, “You already have zero privacy. Get over it.”

A good portion of the world, it seems, agrees with him.

At least, that’s what an article in Wired seems to say. According to the article, a surprising number of people aren’t particularly worried that spyware infects their system, watches what they do, and then reports on it.

The article talked about an apparently pernicious piece of spyware called Marketscore that rides on the back of the iMesh file-sharing application. The article notes that Marketscore not only tracks what sites users visit, but can even snoop on information entered on secure Web sites, including passwords, credit card numbers, and bank account numbers.

So why aren’t people worried? Because they feel it’s the price you have to pay to get free software. “You have to support spyware if you’re going to have free file-sharing applications. Fair’s fair,” one college student told Wired, and apparently a fair number of other students agree with him.

I hope this is just an odd anomaly, and that McNealy’s words about privacy weren’t prescient. A world in which people are willing to give up their privacy, just to get some free software, isn’t a particularly appealing one.

After all, as the Firefox browser and other open source software shows, you don’t have to give up anything if you want solid, free software, least of all, your very identity.

What do you think about your privacy on the Internet? Let me know.